From f862377de04ad32b1df6e889d426738bb3617159 Mon Sep 17 00:00:00 2001
From: Peter Matulis <peter.matulis@canonical.com>
Date: Thu, 28 May 2020 14:50:08 -0400
Subject: [PATCH] Mention SSL certificates with OVN

Change-Id: Ib4613efe471b471ca2dcecc1a6492c3c92221ac4
---
 deploy-guide/source/app-ha.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/deploy-guide/source/app-ha.rst b/deploy-guide/source/app-ha.rst
index 407865d..8b94c92 100644
--- a/deploy-guide/source/app-ha.rst
+++ b/deploy-guide/source/app-ha.rst
@@ -724,6 +724,15 @@ are working nova-compute and vault applications.
    juju add-relation ovn-chassis:certificates vault:certificates
    juju add-relation ovn-chassis:nova-compute nova-compute:neutron-plugin
 
+Finally, you will need to provide an SSL certificate. This can be done by
+having Vault use a self-signed certificate or by using a certificate chain.
+We'll do the former here for simplicity but see `Certificate lifecycle
+management`_ for how to use a chain.
+
+.. code-block:: none
+
+   juju run-action --wait vault/leader generate-root-ca
+
 Here is select output from the :command:`juju status` command for a minimal
 deployment of OVN with MySQL 8:
 
@@ -805,6 +814,7 @@ Charms`_ project group.
 .. _Clustered Database Service Model: http://docs.openvswitch.org/en/latest/ref/ovsdb.7/#clustered-database-service-model
 .. _Raft algorithm: https://raft.github.io/
 .. _Ceph bucket type: https://docs.ceph.com/docs/master/rados/operations/crush-map/#types-and-buckets
+.. _Certificate lifecycle management: app-certificate-management
 
 .. BUGS
 .. _LP #1234561: https://bugs.launchpad.net/charm-ceph-osd/+bug/1234561